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An opening for closures in Java 

Parallel array structure could appear in OpenJDK in fall 2010 



BY ALEX HANDY 

Closures — a key programming 
structure for enabling parallel 
arrays — may finally be coming to 
Java, as a key feature of the 
forthcoming OpenJDK. 

The OpenJDK governance 
committee and the Java Commu- 
nity Process board decided last 
fall that the OpenJDK would, 
before completion, pass through 
the JCP specifications proposal 
and approval process. As a result, 
the OpenJDK won't be finished 
until at least the fall of 2010. And 



at least one member of the gov- 
ernance committee is going to 
use this extra time for closures. 

The JCP has yet to form a 
committee to begin work on this 
specification, and the OpenJDK 
calendar calls for beta releases 
until September 2010, but the 
project could take much longer. 

Mark Reinhold, principal 
engineer at Sun and a member of 
the OpenJDK governance com- 
mittee, announced at the Euro- 
pean Java conference Devoxx in 
December that the extra time in 



the OpenJDK schedule can be 
used to implement a first take on 
closures for Java. 

"First, the JDK 7 schedule 
has been extended, which in 
turn means two things: We have 
more time, and JDK 8 will be 
even later," he said, explaining 
why he chose now to make a go 
at adding closures. "If we don't 
do closures in 7, then they'll 
have to wait for 8, whenever 
that turns out to be. I don't 
think we can wait that long to 
gain good support for writing 



scalable parallel programs using 
bulk-data APIs such as parallel 
arrays. 

"Second, some of the key par- 
ticipants in the extremely lively 
closures debate of a couple of 
years ago have indicated their 
willingness to consider a simpli- 
fied proposal." 

On his blog, Reinhold laid out 
the need for closures, a program- 
ming concept that allows func- 
tions to be passed along with 
their important variables includ- 
continued on page 21 ► 




White House opening up on Web 

U.S. government makes resources available, but more is needed 




BY ALEX HANDY 

Is government a platform? The 
Web is often touted as a way to 
distribute government informa- 
tion to a nation's citizens. In the 
United States, efforts to use the 
Web to improve communica- 
tion are ongoing — but at least 
one official isn't satisfied. 

Andrew McLaughlin, deputy 
CTO for the Executive Office of 
the President and of the Office of 



Science and Technology Policy, 
said that "government should be 
a platform." And that was just the 
beginning. 

Speaking at the Supernova 
conference, held in December in 
San Francisco, McLaughlin said 
that President Barack Obama 
held technological advancement 
of the U.S. Government's sys- 
tems as a high priority during his 
campaign, and that the adminis- 



tration was already following 
through on that promise. 

The Obama administration, 
McLaughlin said, has built 
sites like data.gov and 
usaspending.gov, which both 
offer information to the public 
in machine-readable formats. 
And that, said McLaughlin, is 
what the government should be 
doing: making its vast resources 
continued on page 21 ► 



W3C greenlights EXI 

XML substitute enters interop testing 



BY DAVID WORTHINGTON 

The World Wide Web Consor- 
tium has given the green light for 
developers to implement Effi- 
cient XML Interchange (EXI), a 
substitute for plain old band- 
width-hogging, clunky XML. 

W3C made EXI a candidate 
recommendation in December, 
meaning that it is steady and 
ready for implementation, said 
John Schneider, CEO of 
AgileDelta and co-editor of the 
EXI working draft. "WC3 is 
encouraging broad implementa- 
tion," he added. 

EXI is a binary syntax for 
XML. The advantage of being 
binary is that EXI makes more 
judicious use of bandwidth and 



hardware while fulfilling W3C's 
objective to produce a standard 
binary XML that integrates with 
plain text XML. 

Text formats require more 
bandwidth and processing than 
binary formats. 

The next step for EXI is inter- 
operability testing, followed by 
final approvals around the end of 
March, Schneider said. Changes 
made from the draft specifica- 
tions addressed comments and 
refined functionality, he added. 

Its early implementers include 
AgileDelta, Canon, Fujitsu and 
Siemens. Schneider believes that 
EXI will become more widely 
adopted when the size of the mar- 
ket merits more investment. I 
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Microsoft puts touch on developers 

Company tries to drive technology into mainstream with Windows 7 



BY DAVID WORTHINGTON 

Microsoft surprised attendees 
to November's Professional 
Developers Conference with 
free touch-screen laptops. It 
wasn't largesse, for the compa- 
ny had an ulterior motive: to get 
developers to write applications 
that utilize touch interfaces. 

Uptake in the enterprise will 
take time, as developers are try- 
ing to figure out how to apply it, 
said Patrick Hynds, president of 
consulting firm CriticalSites 
and a Microsoft regional direc- 
tor (an individual recognized by 
Microsoft's Developer Platform 
evangelism group for technical 
expertise). 

Hynds believes that touch- 
screen technology could be 
very useful in network opera- 
tions centers. Business users, 
he added, will not be touching 
the screen much, but there will 
be some touch-screen applica- 
tions in every business over 
time. "It's just a matter of when 
they realize it," he said. 

Chris Menegay, a principal 




Developers will need to learn new Ul design skills, says author Billy Hollis. 



consultant for Notion Solutions 
and a Microsoft regional direc- 
tor, feels that the technology will 
remain niche, but that it could 
be very successful where it is 
applied. Mobile workers in the 
field, as well as for kiosks, inter- 
active whiteboards in meeting 
rooms, and medical imaging 
devices, would be useful cases 
for its adoption, he added. 



However, developers will 
need to learn new skills in Win- 
dows Presentation Foundation 
(WPF) and UI design tech- 
niques before those scenarios 
can be supported, said author 
and Microsoft regional director 
Billy Hollis. "Developers are 
notoriously slow to adapt their 
UI design skills." 

Hynds said that Silverlight 



could simplify the program- 
ming portion of touch-screen 
UI design. Microsoft will intro- 
duce touch-screen support in 
Silverlight 4. 

"Microsoft's advantage is 
building in touch at the OS and 
developer tools level," Hollis 
said. "With Windows 7, it's just 
there if you have the hardware. 

"I expect laptops to be one of 
the first segments to have a lot of 
touch support, because direct 
touch for the screen is a nice 
complement to a touchpad. 
While the touchpad can emulate 
the sensitivity of a mouse, 
directly touching the screen is 
faster and more intuitive for 
things like program navigation." 

Microsoft's drive to main- 
stream touch-screens began 
with Windows 7, and Micro- 
soft's Surface team's contribu- 
tions to WPF and Silverlight 
provided crucial technology 
that backed up that effort. The 
Surface team made its SDK 
public, and the team writes 
WPF controls for Windows. 



Of course, touch-screens 
were on track toward becoming 
more commonplace before 
Microsoft's adoption of the 
technology. Most recently, 
Apple's iPhone demonstrated 
that touch has "real potential," 
and is "sowing the seeds for 
high demand through the 
industry," Hollis said. 

Menegay's outlook for the 
technology wasn't as positive. 
"Touch-screens have been 
around for years, and they've 
found their use at kiosks, where 
people can walk up and use 
them, and they don't need to 
type text. I think multi-touch 
will make that [keyboard-less] 
experience much nicer," he said. 

"But I don't think we're going 
to all start pointing our screens 
like in 'Minority Report.' Most of 
today's work is still text input, 
and touch isn't compelling for 
that yet. And who really wants to 
keep moving from keyboard to 
touching their screen? I can't 
even reach my monitor easily 
from where I'm sitting." I 



JCP holds elections, contemplates OpenJDK 



BY ALEX HANDY 

November's elections to the 
executive committee of the Java 
Community Process proved 
that the body is still functioning 
normally in the wake of the 
Oracle/Sun merger announced 
in April 2009, but activity 
involving the advancement of 
the Java platform has slowed to 
a crawl. 

While existing Java Specifica- 
tion Requests, such as the Java 
EE 6 specification, have contin- 
ued through the JCP process 
since the merger announce- 
ment, the JCP has had no new 
specification submissions in that 
time. Additionally, no JSRs have 
entered the early draft review 
stage, either. 

The JCP also decided this 
fall that it would have a go at 
the OpenJDK specification 
before its release. But since 
the time the JCP made this 
decision, there have been no 
specification submissions to 
the JCP under the OpenJDK 
umbrella. 

There are numerous changes 
to the OpenJDK that will 
require their own JSRs. Some 
changes already have JSRs, such 



ELECTION RESULTS 2009 



STANDARD/ENTERPRISE EDITION 
EXECUTIVE COMMITTEE 
Ratified seats 

Lea, Doug (1-year term) 85.77% 

IBM 80.49% 

Oracle 77.64% 

Hewlett-Packard 71.95% 

Fujitsu 66.67% 

Open elections 

The top member has been elected. 

Peierls, Tim 26.42% 

Terracotta 23.17% 

Liferay 18.70% 

McCullough, Matthew 14.63% 



MICRO EDITION EXECUTIVE COMMITTEE 


Ratified seats 




T-Mobile 


73.17% 


Siemens 


72.76% 


Vodafone 


71.54% 


AT&T 


65.45% 


SK Telecom (2-year term) 


51.22% 


Open elections 




Feldman, Jacob 


52.44% 



Term duration: 3 years unless noted differently 

Number of eligible voters: 1,142 

Percent voting members casting votes: 21.45% 

Sourceijcp.org 



as Project Jigsaw, which is an 
implementation of JSR 294: 
Improved Modularity Support 
in the Java Programming Lan- 
guage. But, ironically, though 
this JSR is being implemented 
in the OpenJDK 7, it is not 
intended for completion in time 
for the first public release of the 
OpenJDK. Instead, JSR 294 is 
expected to be tested in the 
OpenJDK, but finished in time 
for the next release of Java, 
which would be Java SE 8. 

And though the OpenJDK 
has not yet begun to work its way 



through the JCP, past experi- 
ences have shown that one to 
two years is a typical period of 
time for the JCP to work on a 
specification. Even when specifi- 
cations are finished and brought 
to the JCP for a rubber stamp, 
they can take up to a year. 

This is what happened when 
the OSGi specification was 
brought to the JCP. JSR 291, 
which essentially approved the 
OSGi way of doing things, took a 
year and a half to gain approval. 
Even then, the OSGi specifica- 
tion also saw members voting 



against its approval as a JSR, 
arguing that the JCP should not 
rubber stamp existing standards. 
Sun Microsystems itself actually 
voted against the OSGi public 
review for this reason. Similarly, 
the OpenJDK has been devel- 
oped outside the JCP. 

VOTING RESULTS 

The JCP Executive Committee 
elections proved to be about as 
popular as Americas off-year 
general elections: only 21% of 
the membership actually voted. 
The results placed Doug Lea 



in a one-year seat on the execu- 
tive committee for Java SE/EE. 
Lea is a professor of computer 
science at the State University of 
New York at Oswego. He was 
the chair of JSR 166 and the 
author of "Concurrent Program- 
ming in Java: Design Principles 
and Patterns." 

Fujitsu, Hewlett-Packard, 
IBM and Oracle were also 
elected to the executive com- 
mittee. Lea and all four of these 
companies were re-elected to 
their existing seats. Nortel was 
not re-elected. 

The open seat elections 
were more contentious, and 
concurrency expert Tim Peierls 
won out over Liferay, Terracot- 
ta and Matthew McCullough, a 
Denver-based software devel- 
opment consultant. 

The Java ME executive 
committee elections saw AT&T, 
Siemens, SK Telecom, T- Mobile 
and Vodafone all elected to 
seats. Ericsson, Motorola and 
Qisda all lost their seats. 

Jacob Feldman, the specifi- 
cation lead on JSR 331: Con- 
straint Programming API, won 
election to the open seat on the 
Java ME executive committee. I 
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Lucene 3.0: 
Better search, 
cleaner code 

BY ALEX HANDY 

Lucene, the Apache Java search engine 
project, is now cleaner and does a better 
job with recommendations. Lucene 3.0, 
released in late November, was primarily 
focused on housekeeping, but also added 
new functionality for improving the intel- 
ligence of searches, particularly of making 
strong recommendations in its results. 

On the housekeeping side, many old 
features considered to be useless or harm- 
ful were removed, while the overall pro- 
ject was enhanced to require Java SE 5. 

"This is the first Lucene release with 
Java 5 as a minimum requirement," said 
Uwe Schindler, committer to the Apache 
Lucene project. "The API was cleaned up 
to make use of Java 5 s generics, varargs, 
enums and autoboxing. New users of 
Lucene are advised to use this version for 
new development, because it has a new, 
clean, type-safe API. Upgrading users can 
now remove unnecessary casts and add 
generics to their code, too." 

A big area of interest for Lucenes 
developers is to use the project as the 
basis for a machine-learning-based rec- 
ommendation engine. 

Ted Dunning, CTO of the DeepDyve, 
a website for searching scientific articles, 
said that recommendation engines 
essentially come down to matrix multiply. 

"Recommendations are a form of data 
mining, so I may be a search guy on the 
surface, but I am part of Mahout," said 
Dunning. 

Mahout is a sub-project of Lucene 
that's building machine-learning libraries 
that can be used on top of Lucene. 
Lucene textual search patterns can be 
used to train Mahout programs to under- 
stand the data, and to build models for 
future predictions. 

"Our task is to predict missing obser- 
vations," said Dunning, and so much of 
the work in Lucene needed to build a 
recommendation engine is in creating 
the core features for multiplying rows 
and tables. 

Dunning gave the example of search- 
ing for a flamenco group on a video site, 
using both standard text search and a rec- 
ommendation engine. The Lucene-based 
recommendation engine was able to find 
similar flamenco videos from other artists 
without the need for additional search 
terms. Meanwhile, Dunning said a stan- 
dard text search for the group name yield- 
ed only other videos of that group. He 
suggested that using information to sug- 
gest similar items is a far more effective 
way of searching. 

Lucene artifacts for the Maven 2 build 
tool are available online, as are standard 
Java packages. I 



Scanning open-source code for violations 

Black Duck, OpenLogic roll out new tools for governance 



BY DAVID RUBINSTEIN 

With the increased use of open-source 
code, organizations are finding it more 
difficult to keep track of intellectual 
property and company policy viola- 
tions. Two companies have brought out 
new solutions to help these organiza- 
tions better govern the use of open- 
source code. 

Entering the market for code scan- 
ning tools is OpenLogic, which in 
December announced it was adding 
a code scanning and license compli- 
ance component to its OLEX Enter- 
prise Edition. OLEX (OpenLogic 
Exchange) is the company's platform 
for governing open-source downloads. 
The module includes the company's 
OSS Deep Discovery tool, which is 
a code scanner that can identify 
open-source code, components and 
licenses. 

OpenLogic is entering a market that 
already has Black Duck and Palamida 
offering similar solutions, but Open- 
Logic CEO Steve Grandchamp said in a 
statement that his company is looking to 
reduce false positives and come in at a 
lower price point. Pricing for the mod- 
ule begins at US$10,000, and increases 
according to the amount of code that 
will be scanned, the company said. 

OSS Deep Discovery, according to 
the company, can find open-source 
components and code snippets, even if 
the code has been deliberately 
changed to hide its origin. The tool also 
compares code to existing projects in a 
cloud-based repository to that ensure 
no licenses or company policies are 
being violated. 

The license compliance module can 
display licensing conflicts to users and 
point out any conflicts based on an 
analysis of the code and a check against 
a legal database, the company said. 

CODE SIGHT 

Meanwhile, Black Duck Software has 
created Code Sight, based on its 
Koders.com search technology, with 
the idea to give companies the ability 
to search their internal codebase. 

The company said Code Sight 
extends the functionality of the Black 
Duck software suite by going beyond 
metadata associated with open-source 
projects to search the actual source 
code. The tool can index code and 
make it searchable across distributed 
teams, the company said. 

Code Sight, released in the first 
quarter of 2010, will come with built-in 
integrations for SCM systems such as 
Git, IBM Rational ClearCase, 
Microsoft Team Foundation Server 
and Subversion. 

"By enabling the search of both 
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metadata and source code, we are 
giving developers more powerful ways 
to find the code they need, when 
they need it, in compliance with com- 
pany policies, all the while giving 
them up-to-date version, license and 
security data about the code," Black 



Duck CEO Tim Yeaton said in a state- 
ment. A free edition of the tool will 
also be available in the same time 
frame, but is limited to 5 million lines 
of code. 

Along with Code Sight, Black Duck 
has increased the open-source code 
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, NEW PRODUCTS , 



Ul development company Infragistics has released two new 
Silverlight Community Technology Previews (CTPs) and two 
new NetAdvantage ICONS packs. The NetAdvantage Silverlight 
for Line of Business CTP includes a ZIP file compression library, 
a new control persistence framework, and new Silverlight data grid 
features, such as unbound columns and template layouts. The 
NetAdvantage for Silverlight Data Visualization CTP includes a 
Silverlight charting control. The two new packs add legal and aca- 
demic icons to application user interfaces, company executives 
said . . . Intel has announced a beta version of its Atom Develop- 
er Program SDK that is compatible 
with the Moblin Linux-based oper- 
ating system and Windows. The Intel Atom processor is suited for 
development on mobile devices and netbooks. As part of the beta, 
Intel is offering incentives, such as joining the company's revenue 
generation program, to developers that submit applications, 
according to Intel executives. 



Intel* Atom 



UPDATES 

J L 



Rally Software has added a new time-tracking module called Rally 
Time Tracker to version 2009.5 of its namesake ALM platform. 

Additionally, new reporting features let development teams and 
program managers view project statuses and costs in terms that 
are familiar to their role, company executives said . . . Business 
application platform provider 4D has made available 4D Web 2.0 
Pack vll Release 5, adding a new calendar and an updated chart 
for the 4D Ajax Framework component. The calendar lets users 
publish events directly to the Web, iPhone and other iCalendar 
format-compatible smartphones . . . Database management 
company Devart has released a new version 
dotConnect of its dotConnect Universal data provider for 
Univeiul accessing data from MySQL, Oracle, SQL 
Server and other .NET databases. dotConnect Universal offers 
connectivity options like HTTP tunneling, and has a new software 
library that implements a self-contained SQL database engine 
. . . DevExpress has updated Data Grid for WPF with a new Grid 
Column Best Fit Option and new grid row indicators. There is also 
a memo text editor for grid editing, according to the company 
. . . Veryant has added the ability to use file sizes of 9 
billion gigabytes or more in a new version of its ",•" 
isCOBOL application development and deployment hv£sB 
platform. There are now rich Internet application 
COBOL deployments with JavaScript embedding 
capabilities, and the new version also has greater compatibility 
with outdated platforms such as ACUCOBOL-GT and RM/COBOL 
. . . Database product provider FFE Software has announced ver- 
sion 3.2 of its FirstSQL/J Embedded Mobile Edition relational 
database management system. The new version has resource file 
capabilities, such as a BuildResourceDb utility for writing a physi- 
cal database to a resource file, and a CompileStaticSgl Utility to 
write execution plans for SQL commands to resource files. 



PEOPLE 



Mark Shuttleworth has stepped down as CEO of Canonical, creator 
of the Ubuntu server. Shuttleworth, who formed Canonical in 2004 
to provide commercial support for free software 
projects, said he is exiting the CEO post to "focus 
my Canonical energy on product design, partner- 
ships and customers. Those are the areas that I 
enjoy most, and also the areas where I can best 
shape the impact we have on open source and the 
SHUTTLEWORTH technology market." Jane Silber, who had been 
serving as Canonical's COO, will take over the job of CEO, according 
to Shuttleworth. I 




An ounce of prevention j& 

Jack Danahy discusses application security and his role 
at IBM Rational, which purchased the company he foundet 



BY JEFF FEINMAN 

Jack Danahy, founder and for- 
mer CTO of Ounce Labs, is now 
spreading his knowledge and 
enthusiasm for application secu- 
rity to IBM. When Big Blue 
acquired the source code analy- 
sis firm in July 2009, Danahy was 
named security executive in the 
office of the CTO for IBM 
Rational Since then, he's been 
helping to weave Ounce's prod- 
ucts into IBM Rational, and he 
recently spoke with SD Times 
about how that is being done and 
what is in store for application 
security in general. 

SD Times: How will IBM be utiliz- 
ing Ounce's technologies in the 
coming months? 

Jack Danahy: We benefit from 
the fact that the group within 
IBM Rational already knew a 
lot about application security. 
This wasn't just a technology 
purchased by an organization 
interested in getting into secu- 
rity. It was the next step in the 
fulfillment of a strategy that 
IBM has talked about a lot in 
terms of improving their ability 
to treat a wide variety of securi- 
ty problems. 

So our first steps over the 
next few months. . .involve find- 
ing ways in which we can lever- 
age what we have in the source 
code scanning technology with 
existing products at IBM, such 
as Rational AppScan. By exist- 
ing within the Rational group, 
we're finding ways to integrate 
the technology further and fur- 
ther back within the product 
development life cycle. 
Describe the transition into IBM 
and how Ounce's technology was 
brought in and meshed with 
IBM's current assets. 
The main body of the IBM 
Rational security platform was 
involved in testing operational 
systems through penetration 
testing. They had done some 
work in advanced platform 
analysis from a source code per- 
spective, and it was actually that 
work that led them to the con- 
clusion that IBM customers 
needed a lot of help in the area. 
That technology from IBM, 
which is called Rational AppScan 
Source Edition, is meant to look 
at the source code itself as it 
exists in a development environ- 



ment or in its own environment. 
Integrating Ounce with that 
technology is the first step. 
Talk about what you're doing now 
with IBM. 

I'm sort of continuing on a lot of 
what I was doing when I was 
with Ounce, which is evangeliz- 
ing and talking to folks who are 
interested in application security. 
I talk about some of the new 
threats we're seeing, and I'm 
spending a fair amount of time 
discussing the integration of 
application security into atypical 
environments. We're finding a 
lot of places where people are 
just beginning to apply security, 
like energy and power grids. 
What are your thoughts on the 
increased emphasis on Web appli- 
cation security, especially with 
more and more Web applications 
being developed? 
One of the things we see is that 
it's not just organizations rolling 
out more of the same old style of 
Web applications. We've seen an 
enormous upswing in the type of 
enabling tools that exist for peo- 
ple who want to Web-enable 
existing applications. 

If you think about some of 
the benefits of service-oriented 
architecture, some of the frame- 
works that are available or some 
of the disposition of legacy tech- 
nology into Web-facing front- 
ends, you're seeing a lot of orga- 
nizations recognize that they 
have existing assets that would 
really benefit from having new 
ways to get at them. The same 
organizations that are doing this 
are pretty well informed about 
security. They're recognizing 
that securing that application is 
part of the responsibility of 
migrating it into a more exposed 
position. 

It's not just about brand new 
stuff organizations are building. 
Sometimes customers say, 'How 
do we look at what we have, and 
as we build new interfaces into it, 
how do we make sure that those 
are mitigating exposure to secu- 
rity risks?' I think the natural dis- 
position of the Web application 
security problem is one of the 
things that is driving the interest 
we're seeing into 2010. 
What is your take on the overall 
security market right now, 
especially with key companies 
being bought up in recent years? 



The acquisitions you mentioned 
are a function of those technolo- 
gies becoming more stable and 
those best-of-breed companies 
getting bought up by larger 
companies. In any market, it's 
the pattern of how this happens: 
establish a reputation for a qual- 
ity product, establish good rela- 
tionships with key customers, 
and make sure customers look- 
ing for stable technologies can 
get them from one source. 
Are you seeing the security land- 
scape coming down to the big 
players, such as IBM and HP, 
going up against one another? 
I think that in the area of appli- 
cation security, the companies 
who continue to play a role are 
making the moves that you're 
talking about. They are advanc- 
ing their own platforms, and as 
we see this consolidation hap- 
pen, it's a response to that matu- 
ration process from those larger 
companies that want to continue 
to be front and center. 

I think that competition will 
naturally continue, as it does in 
any growing market, and as 
we've seen over the last 12 
months. Even as a small compa- 
ny with Ounce Labs, there's 
been no diminution of our 
capacity to sell. The market for 
what we do continues to grow in 
spite of the fact that the econo- 
my may not be doing so well. 
Heading into 2010, what would 
your main message be to securi- 
ty professionals and developers 
on how to keep their apps secure? 
The thing I'd ask them to do is to 
be very much aware of what the 
applications they're writing are 
going to be doing. If it's going to 
be handling confidential infor- 
mation, be aware of that. If it's 
going to be doing transaction- 
oriented things, be aware of that. 
If it's going to help to run a pow- 
er plant or utility grid, under- 
stand that there are different 
security requirements that come 
with that responsibility. 

Make sure you are building, 
testing and designing for secu- 
rity, because as this software 
becomes more critical to busi- 
nesses and infrastructure, it 
becomes enormously more 
important for developers to 
take responsibility for that soft- 
ware behaving the way it is 
expected to. I 
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WS02 builds Gadget Server for dynamic content 



BY DAVID WORTHINGTON 

Google Gadgets is popular on 
the open Web, but many 
enterprises do not take advan- 
tage of dynamic content inside 
of the firewall. WS02, a mak- 
er of open-source SOA mid- 
dleware, has taken the tech- 
nology and created a new 
Gadget Server, which it 
released in December. 

WS02 Gadget Server is 
built upon Apache Shindig, an 
Apache incubation project that 
uses Google's OpenSocial con- 
tainer (the technology behind 
Google Gadgets) as its core 
rendering technology to build 
gadgets, said WS02 CTO Paul 
Fremantle. 

WS02 has added personal- 
ization to Shindig with the abil- 
ity to store settings, and it 
allows administrators to set 
restrictions. 

The Gadget Server can be 
installed in a data center or as 
a virtual machine image run on 
Amazon Web Services, or 
within a private cloud, Fre- 
mantle said. "It is a portal out 
of the box" that is simpler to 
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Business Activity Monitor runs on WS02's Gadget Server, a commercial implementation of Apache Shindig. 



develop and install than 
portlets he added. 

Portlets, Fremantle said, 
require Java programmers and 
must be installed into portal 
servers by an administrator, 
whereas gadgets are pure 



HTML and JavaScript wrapped 
in a simple XML container. 
"Get anyone who is a Web pro- 
grammer, and they can build a 
gadget." 

Developers can create their 
own gadgets or choose nearly 



any Google Gadget from the 
Web to run on the Gadget Serv- 
er, Fremantle said. "A few 
won't work that are Google- 
specific," he added. 

The Gadget Server enables 
organizations to aggregate con- 



tent, create content feeds, and 
integrate LDAP or Active Direc- 
tory services, Fremantle said. 

WS02 has developed a 
Business Activity Monitor 
(BAM) solution that is built 
using Gadget Server as its user 
interface. It uses agents to col- 
lect data asynchronously from 
the WS02 stack or to pull data 
from external data sources 
using publish/subscribe. Trans- 
actions can just be traced for 
analysis, or data can be 
processed. 

The BAM solution receives 
live analytics from the WS02 
Enterprise Service Bus. It 
offers analytics to help organi- 
zations identify patterns and 
trends, Fremantle said. Over 
time, the company will inte- 
grate its BAM solution with its 
rules engine, so that if "sales are 
down and costs are up, compa- 
nies can fire the CEO," he 
quipped. 

The WS02 Gadget Server 
and BAM solution are free and 
open source. Product support 
for the server starts at 
US$8,000 per server. I 
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JetBrains has ideas about speeding up its Java IDE 



BY JEFF FEINMAN 

JetBrains has revamped its 
IDEA Java IDE with the goal 
of faster performance, and it 
has added integration with the 
Amazon cloud platform to its 
TeamCity continuous integra- 



tion and build server. 

According to JetBrains execu- 
tives, IDEA 9 is a much faster 
environment, with startup speed 
increased from previous ver- 
sions. New file indexing features 
allow developers to use editing 



features almost immediately, the 
company said. 

There is also integration with 
Java EE 6 and PHP support. A 
new visual editor defines the 
structure of project deliver- 
ables, such as the EAR (Enter- 



prise Archive) file formats. 

"There are many productivity 
and usability improvements in 
IDEA 9, and we keep up with all 
the latest technology trends," 
said Sergey Dmitriev, cofounder 
and CEO of JetBrains. 
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success or better. AdminStudio is the only 
MSI packaging solution to support multiple 
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App-V™, VMware® ThinApp™ and 
Citrix® XenApp™. 
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Other new features in IDEA 
9 are tighter integration with 
Adobe AIR and refactoring of 
Adobe s ActionScript. 

IDEA 9 comes in two edi- 
tions: Community Edition, 
which is a free and open- 
source version of the product; 
and Ultimate Edition, which is 
geared toward developers 
working with more-advanced 
frameworks and technologies, 
Dmitriev said. A commercial 
license of the Ultimate Edi- 
tion, designed for companies, 
is US$599. A personal license 
of the edition for individual 
developers is $249. 

JetBrains also rolled out ver- 
sion 5.0 of TeamCity, adding 
integration with Amazon EC2. 
This puts build agents, which 
are a separate computer or vir- 
tual machine capable of run- 
ning a build with the TeamCity 
agent software installed, on 
Amazon EC2. 

There is new issue tracker 
integration with JetBrains 
YouTrack, as well as Atlassian s 
JIRA and Bugzilla. New fea- 
tures with TeamCitys Apache 
Maven integration bring easier 
build configuration creation of 
POM (project object model) 
files and build triggering on 
Maven artifacts change. 

Other new features in Team- 
City 5.0 include build configu- 
ration templates for eliminating 
redundancy in build configura- 
tion settings and project archiv- 
ing. There is now a command 
line tool for running personal 
builds without IDE integration 
on a server. 

Another main area of 
change in TeamCity comes in 
tweaks in the software's inte- 
gration with Apache Maven, 
including the creation of 
Maven-based build configura- 
tions. According to JetBrains 
executives, only the URL to 
the POM file is needed for 
such configurations. There is 
also a new type of dependency 
trigger (a Maven artifact trig- 
ger) that starts a build each 
time a specified Maven artifact 
changes. 

The Professional Edition of 
TeamCity 5.0, which offers up to 
20 user accounts, is available for 
free, while the Enterprise Edi- 
tion, which has an unlimited 
number of user accounts, is 
available annually for $1,999 for 
new licenses and $999 for 
returning customers. Additional 
build agents are $299 apiece. I 
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SPTechCon focuses on 2010, embraces MOSS 2007 



BY DAVID RUBINSTEIN 

New features and functionality 
in SharePoint 2010 will be the 
focal point, but SharePoint 
Server 2007 instruction will also 
be plentiful at SPTechCon — 
the SharePoint Technology 
Conference — being held Feb. 
10-12 at the Hyatt Regency 
San Francisco Airport in 
Burlingame, Calif. 

SPTechCon, produced by 
BZ Media LLC, which owns 
SD Times, will feature more 
than 80 workshops and techni- 
cal classes spanning three full 
days. The 39-member faculty 
features some of the brightest 
minds in SharePoint today, 
including a Microsoft Certified 
Master in SharePoint as well as 
numerous Microsoft MVPs and 
a host of experts with very spe- 
cific knowledge about all 
aspects of SharePoint. 

The first day will feature 
full-day workshops for people 
just getting started with Share- 
Point. "SharePoint 101" ses- 
sions will be offered for devel- 
opers, IT administrators and 
business users. Other work- 
shops include "Become a 
SharePoint 2010 Power User," 
"SharePoint Site Planning: Get 
it Right the First Time," and 
"15 Things Developers Should 
Know About Migrating to 
SharePoint 2010." 

The opening keynote will 
again be presented by Tom Riz- 
zo, Microsoft's director of 
SharePoint. Rizzo, who deliv- 
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The SharePoint 
Technology Conference 



Feb. 10-12. 2010 -> San Francisco 



CONFERENCE: Feb. 10-Feb. 12 

Hyatt Regency San Francisco Airport 
Burlingame, Calif. 



WORKSHOPS: 
Wednesday, 8:30 a.m. - 
1 p.m. - 4:30 p.m. 



Noon 



CONFERENCE HOURS: 
Thursday, 9:30 a.m. - 5:15 p.m. 
Friday, 8:15 a.m. - 4:30 p.m. 

KEYNOTES: 

Tom Rizzo: Thursday, 8:15 a.m. - 9:15 a.m. 
Ted Pattison: Thursday, 
5:30 p.m. - 6:30 p.m. 

SPECIAL EVENTS: 
Wednesday, 4:30 p.m. - 6 p.m. 
"Tell Me Something I Don't Know 
(About SharePoint)" 
Wednesday, 6 p.m. - 8 p.m. 
Attendee Reception 
Thursday, 6:30 p.m. - 8 p.m. 
"Pizza and Answers" 



ered the keynote address at the 
two SPTechCon events in 2009, 
will speak on the delivery of 
SharePoint 2010. A second 
keynote will be given by Ted 
Pattison, a SharePoint consul- 



tant who recently founded Crit- 
ical Path Training. 

A special session called "Tell 
Me Something I Don't Know 
(About SharePoint)" gives 
Microsoft's SharePoint partners 



an opportunity to present 
important information to con- 
ference attendees in an enter- 
taining, lightning- talk style, 
while "Pizza and Answers" gives 
attendees a chance to talk to 



our expert faculty members in a 
very informal setting. 

A complete listing of classes 
and workshops as well as regis- 
tration information can be 
found at www.sptechcon.com. I 
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64-bit Windows environments. 



OEM Licenses 

License and distribute products 
quickly and easily with a PDF 
technology that does not rely on 
external open-source libraries. 



Rapid Integration 

Integrate PDF conversion, creation 
and editing into your .NET and 
ActiveX applications with just a few 
lines of code. 



Customization 

Let our experienced consultants 
help you turn your software 
requirements into customized 
PDF solutions. 



PDF Suite 

Developer Pic 



We understand the challenges that come with PDF integration. 
From research and development, through design and 
implementation, we work with you every step of the way. 

Get 30 days of FREE technical support with your trial download! 



~ www.amyuni.com 



USA and Canada 

Toll Free: 1 866 926 9864 

Support: (514) 868 9227 

Info: sales@amyuni.com 



Europe 

Sales: (+33) 1 30 61 07 97 

Support: (+33) 1 30 61 07 98 
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Perforce Timc-bpiG Vpqw 



Introducing Time-lapse View, 

a productivity feature of Perforce SCM. 

Time-lapse View lets developers see every edit ever made to a file in a 
dynamic, annotated display. At long last, developers can quickly find answers 
to questions such os: 'Who wrote this, code, and when?' and 'What cenient 
got changed, and why?' 

Time-lapse View features a graphical timeline that visually recreates the 
evolution of a file, change by change, in one fluid display Color gradations 
mark the aging of file contents, and the display's timeline can be configured 
to show changes by revision number, date, or changeset number. 

Time-lapse View is just one of the many productivity tools that come with the 
Perforce SCM System. 



Perforce 

SOFTWARE 



Download a free copy of Perforce, no questions 

asked, from www. perforce. com » Free technical support is 
available throughout your evaluation. 
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Clerity Map Editor aids with mainframe migration 



BY JEFF FEINMAN 

With its new Map Editor, 
mainframe migration and 
modernization company Cleri- 
ty Solutions is trying to make 
mainframe application migra- 
tion an easier process for 
developers. 

Map Editor, released in 
December, builds and main- 
tains CICS Basic Mapping 
Support (BMS) maps for 
workloads running in Clerity s 
UniKix mainframe rehosting 
software suite. UniKix migrates 
Adabas/Natural, CICS, IMS 
and other similar applications 
off of the mainframe accord- 
ing to Barry Tait, Clerity 's 
technical pre-sales engineer- 
ing manager. 

"The customer has obviously 
made the choice that the appli- 
cation fits their business needs, 
they just want to run it on a 
more cost-effective platform," 
Tait said in talking about 
UniKix. "So we can take their 
old or legacy-based application 
and run them with little to no 
change on open system plat- 
forms." 

Map Editor can create and 
modify standalone BMS files 
and BMS files associated with 
COBOL copybooks. Tait 
described Map Editor as a 
Java-based, GUI-based devel- 
opment environment that 
maintains green screens. 
Instead of having to write or 
change underlying green- 
screen assembly code, a devel- 
oper can manipulate green- 
screen attributes through the 
editor's Java interface. The 
software costs US$15,000 for a 
10-developer bundle. 

Some green-screen mainte- 
nance tasks, such as defining a 
character on the screen, or 
finding out character attributes 
such as color or size, can be dif- 
ficult for developers unless 
they have great knowledge of 
how to assemble green screens, 
according to Tait. 

"What we've done with this 
solution is really simplified 
things by giving you a visual 
environment," he said. "In the 
past, the kind of tools you'd use 
was all interactive and terminal- 
based. They weren't as pretty as 
the point- and-click tool we've 
created here in Java." 

Tait said one of the main 
concerns that comes with a 
lack of mainframe experience 
among young developers is 
determining who will maintain 



green-screen applications, 
which he said will remain rele- 
vant. Map Editor can help new 
developers working on appli- 
cation modernization to move 
applications to a SOA environ- 
ment or the .NET Framework 



because it doesn't require 
knowledge of mainframe lan- 
guages or applications. 

Clerity, founded in 1993, 
is a mainframe migration com- 
pany that focuses on code 
assessment, post-production 



application maintenance, and 
other tasks. 

Clerity acquired Sun Micro- 
systems' mainframe rehosting 
business in 2006. That was how 
Clerity brought in UniKix, said 
Cameron Jenkins, COO of 



Clerity. Approximately 30-40 
employees migrated from Sun 
to Clerity. Prior to acquiring 
Sun's mainframe rehosting 
business, Clerity did business 
mostly in application modern- 
ization. I 




What are you looking for in a PDF solution? 



Amyuni PDF Suite 4.0 New Features 

■ Support for a wider range of PDF files such as 
PDF 1.7 and the compressed XRef table format. 

- The addition and extraction of attachments to 
and from PDF files. 

■ Exporting capabilities of PDF files into XAML to 
view from a Web page with Silverlight controls. 

■ Updated PDF/A engine ensures Acrobat 9 
compatibility. 

■ Improved file processing speed of PDF files that 
contain large graphics. 

JPEG2000 compression in addition to 
decompression. 
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PDF Converter 

- Certified for Windows 7 and Windows 2008. 

- Generation of layered PDF files for CAD and other applications. 

- Improved support for CJK languages and custom CMAPs. 

■ Generation of industry standard PDF/X-1 and PDF/X-3 PDF files. 

- Resaving capabilities of PDF files using PDF 1.4, 1.5, or 
PDF/A formats. 

PDF Creator 

- Loading, creation, and display of layered PDF files. 

■ CJK file support, with the ability to specify the location of 
custom CMAPs. 

Text anti-aliasing for better on-screen legibility. 

Internal PDF file structure access through comprehensive class 
architecture. 

- The ability to print a single page to multiple sheets or multiple 
pages to a single sheet. 



www.amyuni.com 



USA and Canada 

Toll Free: 1 866 926 9864 

Support: (514) 868 9227 

Info: sales@amyuni.com 



Europe 

Sales: (+33) 1 30 61 07 97 

Support: (+33) 1 30 61 07 98 

Customizations: management@amyuni.com 
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Governance System finds 
changes in app environs 



BY DAVID WORTHINGTON 

AmberPoint has announced Governance 
System, a SOA governance solution that 
is designed to automatically discover 
changes in customers' application envi- 
ronments, and to provide automated 
policy enforcement. 

Governance System, announced in 
December, connects with portfolio man- 
agement systems and registries to dis- 
cover information about applications, 
explained Dhruv Gupta, vice president 
of product marketing and management 
at AmberPoint. 

The discovery extends beyond ser- 
vices to non-service "cast members" in an 
application, such as software configura- 
tion management systems (SCMs), secu- 
rity settings, application servers and virtu- 
al machines, Gupta added. Customers 
can also define data types for discovery. 

The result, Gupta said, is that gover- 
nance gives visibility into all life-cycle 
stages in the environment. A console 
shows which life-cycle stage an object 
belongs to. There may also be produc- 
tivity benefits, according to one analyst. 



"Transactions and dependencies are 
discovered versus [being] manually 
modeled, a real time-saver," said Julie 
Craig, research director at research firm 
Enterprise Management Associates. 

"One key value-add is that this dis- 
covery also identifies changes in config- 
urations. Change is a constant thorn in 
IT's side, as so many application and 
infrastructure-related changes break 
production systems." 

AmberPoint also provides RESTful 
(representational state transfer) APIs to 
enable existing processes to call out to 
Governance System to obtain informa- 
tion about the application environment. 

Integration with SCMs, Craig added, 
enables Governance System to pull in 
dependencies from custom software into 
the overall service model. "It can 
become part of a CMDB [Configuration 
Management Database], a central 
repository depicting enterprise assets 
and their interrelationships," she said. 

Once that information is collected, 
the product can automate policy-based 
governance and reporting. That enables 



Instantly Search Terabytes of Text 

♦ Built-in file parsers and 
converters highlight hits in 
popular file types 

♦ 25+ full-text and fielded data 
search options 

♦ Spider supports static and 
dynamic web data; highlights 
hits with links , formatting 
and images[intact 

♦ API supports -NET, C++, SQL, 
Java, etc. -NET Spider API 

Content extraction only 
licenses also available 




Bottom line: dtSearch manages 
a terabyte of text in a single 
ndex and returns results in less 
than a second" — InfoWorld 

dtSearch "covers all data 
sources ... powerful Web-based 
engines" -eWEEK 

"Lightning fast ... performance 
was unmatched by any other 
product" — Redmond Magazine 

For hundreds more reviews, and hundreds of 
developer case studies, see www.dtSearch.com 



Fully-Functional Evaluations 

1-800-IT-FINDS • www.dtSearch.com 

The Smart Choice for Text Retrieval® since 1991 
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AmberPoint Governance System automatically discovers and gives visibility to which stage in 
the application life cycle an object belongs. 



users to track, manage and govern trans- 
actions with very little manual configura- 
tion or ongoing maintenance, Craig said. 
"We are working on a more agile 
approach to how governance is 
occurring," said Gupta. "The auto- 
matic collection of information 
allows for broader types of policies 



and what things [a policy] can be 
applied to." 

The AmberPoint Governance Starter 
Kit begins at US$25,000. It includes 
AmberPoint Governance System for two 
CPUs, an SDK, and training and consult- 
ing services, according to the company. 
Beyond that, pricing is $5,000 per CPU. I 



IBM takes wraps off 'smarter' 
software development initiative 



BY DAVID RUBINSTEIN 

IBM is advancing its "Smarter Planet" 
initiative with a three-pronged software 
and services effort designed to align the 
business needs of an organization and 
the software it creates and uses. 

On the systems management level, 
organizations need a high-level view of 
their architecture to meet business 
goals. "You need to know what you do 
today, what you'll need tomorrow, and 
how to close that gap," said Kurt Sand, 
program director of Rational systems 
strategy at IBM. 

As part of the new initiative, detailed 
in December, IBM announced that it 
has integrated its System Architect tool 
with Rational Focal Point, which pro- 
vides deep analysis that decision-makers 
can use. "We want to apply some smarts 
to prioritize which of the gaps to fill," 
Sand said. 

Further, System Architect is integrated 
with Rational Insight, a reporting solution 
built on top of IBM's Cognos software. 
System Architect now can deliver a matrix 
view of the system across multiple enter- 
prise architectures, Sand explained. 

For development teams, the company 
has tied its Rational Rhapsody modeling 
tool to Rational Quality Manager for a 
more collaborative approach to software 
design and testing, bringing developers 



and system engineers together, Sand said. 

Also, Rational Software Architect for 
WebSphere was created to help devel- 
opers model and design services as part 
of a service-oriented architecture, even 
if they have no experience with SOA, he 
said. He added that IBM is contributing 
to the effort to create SoaML (service- 
oriented architecture markup language) 
and to get it accepted as a standard for 
development. 

Finally, IBM is giving more function- 
ality to its Rational Doors Web Access 
software, allowing users to create 
requirements and add traceability links 
via a Web interface, which Sand said 
would "extend its reach beyond require- 
ments engineers." 

The new effort, he emphasized, is "to 
help people deal with the complexity of 
building interconnected systems. Today's 
systems are becoming broader in scope, 
as organizations build out a device and 
then write an IT application for it. This 
requires regular communication between 
systems architects, engineers and devel- 
opers, and the software is designed to 
help developers on both [systems and IT] 
sides of the ecosystem." 

Doing software design up front for 
maintainability, and reducing costs asso- 
ciated with software, are keys to smarter 
software development, Sand said. I 
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Get the most comprehensive file coverage from 
any ofAsposc's 4 Award Winning Suites 

Aspose provides extensive file format processing capabilities for some of the most popular file formats including: 



DOC DOCX 

XLSX CSV 



WordMl OOXMI ODF 



SpreadsheetML XLS 
POT SWF & More... 



The ever expanding list of features now includes the ability to Read, Write, Convert, Print, View, and Render for 
a variety of platforms including .NET, Java, SQL Server and JasperReports. Extensitve File Format Processing 
coupled with unmatched performance, reliability and an award winning customer support makes sure you 
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logon to www.aspose.com 

and get your free evaluation copy right now! 
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Intersoft adds editors, themes to .NET Ul suite 



BY DAVID WORTHINGTON 

Even though the season for 
decking the halls has passed, 
developers that purchase 
Intersoft Solutions' WebUI 
Studio 2009 R2 .NET compo- 
nent suite will still have the 
opportunity to deck out their 
applications with its new edi- 
tors and themes. 

WebUI Studio 2009 R2 
became generally available in 
December. The release targets 
the presentation layer of 
ASP.NET and Silverlight appli- 
cations, according to the com- 
pany. The full ASP.NET and Sil- 
verlight suite costs US$1,599. 
The ASPNET-only edition 
costs $1,299, while the Sil- 
verlight controls start at $799. 

Intersoft s Web Scheduler 3 
calendar control offers an 
assortment of new themes and 
XHTML support for styling. 
The update is not only about 
looks: Developers can also cus- 
tomize the calendar with 
defined data ranges and time 
intervals, from 15 minutes to 
one hour. 

At a lower level, the sched- 
uler's rendering engine has 
been outfitted with a new pag- 
ing method that improves page 
load speeds. Response time is 
also increased through the use 
of JSON (JavaScript Object 
Notation) for messaging. 

An SQL Wizard helps devel- 
opers prepare a database for 
WebScheduler, automatically 
generating table structures and 
scripts. 
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WebGrid Enterprise 7, the 
suite's grid component, now 
offers a Windows 7 theme 
option, as well as other themes 
designed by Intersoft. An edi- 
tor pack plugs a pack of com- 
ponents into the grid, includ- 



ing a calendar function that has 
a date picker, and integration 
with WebTextEditor, Inter- 
soft's flagship rich text editing 
component. 

Other features include a 
Windows 7-style column 



action user interface, 
tomizable column context 
menu, batch update client- 
side events, an improved 
designer, and XHTML render- 
ing support, according to 
the company. A component 



designer is provided to make it 
easier for developers to cus- 
tomize properties. 

Lastly, Inter soft's Web Input 
data entry control has new 
options for selecting a range of 
dates with fewer steps. I 
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Touch/Gesture-Enable Your Apps with Ease - cutting-edge 
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Fast Apps Faster - over 1 20 productivity enhancements including IDE 
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Get Free Trials 

www.embarcadero.com 



Working with Java ™, PHP, Web applications, or databases? 

Embarcadero can help. With state-of-the-art tools like JBuilder®, J Optimizer, Delphi® for PHP, 
TurboRuby®, InterBase, plus its premier line of multi-platform database design, development, 
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An opening for closures in OpenJDK 



< continued from page 1 

ed and immutable. 

"Leveraging multiple cores 
requires writing scalable parallel 
programs, which is incredibly 
hard," he said. "Tools such as 
fork/join frameworks based on 
work-stealing algorithms make 
the task easier, but it still takes a 
fair bit of expertise and tuning. 
Bulk-data APIs such as parallel 
arrays allow computations to be 
expressed in terms of higher-lev- 
el, SQL-like operations (e.g., fil- 
ter, map, and reduce), which can 
be mapped automatically onto 
the fork-join paradigm. 

"Working with parallel arrays 
in Java, unfortunately, requires 
lots of boilerplate code to solve 



even simple problems. Closures 
can eliminate that boilerplate." 

Gilad Bracha, Neal Gafter, 
James Gosling and Peter von 
der Ahe have already coau- 
thored a draft proposal for clo- 
sures in Java, and a healthy 
debate has taken place on both 
that blog and around the Open- 
JDK community. 

ELSEWHERE IN OPENJDK 

All this extra time in the Open- 
JDK development schedule 
means that many other projects 
will have time to expand their 
implementations before release. 
Many of these efforts are 
attempts to address longtime 
concerns from users over Java. 



Project Coin, for example, is 
an effort to find and make small 
language changes to Java, though 
the discussion around this pro- 
ject of late has focused on the 
actual semantics of a closure 
implementation. But other ideas 
have been proposed under Pro- 
ject Coin, such as Joseph Darcy s 
addition of strings in switch. 

The Da Vinci Machine Pro- 
ject, on the other hand, is an 
effort to add first-class language 
support to the JVM. JRuby and 
Jython already allow Ruby and 
Python code to run in a JVM, 
but the Da Vinci Machine Pro- 
ject seeks to add specific modifi- 
cations to the JVM to make oth- 
er languages run on the JVM at 



the same speeds as Java itself. 

Project Jigsaw, meanwhile, 
might not be completed in time 
for OpenJDK 7. This effort, 
based on JSR 294, seeks to mod- 
ularize Java, with the goal of 
allowing portions of Java to be 
used without needing an entire 
Java stack. It would also make it 
easier to build new modules and 
functionalities for Java as a plat- 
form. The project has been in 
the works for over three years 
now, and an alpha-quality binary 
of a modular Java component is 
available only for Ubuntu Linux. 

The alpha-quality Java pack- 
ages install Java components for 
use on the base JDK, AWT and 
Swing. I 



Telerik engine automates 
Ul testing for Silverlight 



BY DAVID WORTHINGTON 

Telerik, a component maker, 
has expanded its WebUI Test 
Studio to provide automated 
user interface testing for Sil- 
verlight. 

WebUI Test Studio 2, 
released in December, is the 
result of collaboration between 
Telerik and quality assurance 
software developer ArtOfTest. 

The testing software, which 
costs US$2,499 per machine, 
offers the same product fea- 
tures for Silverlight as it previ- 
ously did for ASP.NET AJAX, 
said Todd Anglin, Telerik s chief 
evangelist. 

A UI object model allows 
QA professionals to target a 



specific element in Silverlight, 
Anglin said. A 3D elements 
viewer provides a "fly-out ele- 
ment selector," he added. "It is 
easy to peel back the layers in a 
codeless, visual way." 

WebUI has integrated trans- 
lators for Telerik's Telerik Rad- 
Controls for Silverlight. 

There is likewise integrated 
support for testing on several 
major browsers, now including 
Apple's Safari. 

The testing engine abstracts 
away differences among com- 
peting browsers so that devel- 
opers only need to write a sin- 
gle test that is executed against 
each supported browser, 
Anglin explained. 
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WebUI Test Studio uses a 3D elements viewer to allow QA developers to 
target specific elements in Silverlight. 



WebUI is built on top of the 
WebAii Testing Framework, a 
free code-based solution devel- 
oped by the companies. 

The difference between 
WebUI Test Studio and the 



framework is that WebUI is a 
"visual point-and-click-exer- 
cise," whereas developers need 
to write code against an API to 
create UI tests for the frame- 
work, Anglin explained. I 



White House opening up on the Web 



< continued from page 1 

available to the people. He said 
that offering machine-readable 
data in open and non-propri- 
etary formats is a primary goal 
for the administration. 

He took the stage with Anil 
Dash, cofounder of blogging 
software company Six Apart, and 
now the head of a new non-prof- 
it, Expert Labs. Dash said that 
Expert Labs is building an Inter- 
net presence that will connect 
policy makers in Washington 
with domain experts online, 
beyond the few members of 
think tanks that typically have 
input into policy discussions. 

Dash said Expert Labs seeks 



to replicate Dell's famous idea- 
generation program, where its 
customers could suggest new 
business ideas online. That effort 
by Dell led the hardware maker 
to begin offering computers pre- 
installed with Ubuntu Linux. 

But bridging the gap between 
Washington and outside exper- 
tise is difficult because of end- 
user license agreements 
(EULAs) that do not take the 
needs of the government into 
account. Even public social net- 
working sites such as Facebook 
and Twitter have EULAs that 
may be incompatible with gov- 
ernment use, McLaughlin said. 

For example, many EULAs 



heap liability on the user and 
invoke state laws to resolve liabil- 
ity disputes. The federal govern- 
ment, said McLaughlin, cannot 
be bound by state laws and is 
averse to having liability pushed 
onto its employees simply for 
using an application. 

"I'm one of only five people 
at the White House who can 
access Twitter and Facebook," 
said McLaughlin. 

To help resolve EULA 
issues, McLaughlin highlighted 
the new apps.gov site, where 
companies can find instructions 
for amending their EULAs to 
make them acceptable to feder- 
al agencies. Once applications 



are licensed in a way that is 
compatible with government 
use, companies can list them on 
apps.gov, where employees are 
encouraged to find new tools. 

McLaughlin said that there 
is still a lot of work that needs to 
be done to modernize the fed- 
eral government's aging infra- 
structure. But he said that fed- 
eral employees are just as quick 
to embrace effective new tools 
as the rest of America. 

He pointed out that the CIA 
already uses wikis to collect and 
prepare intelligence, and that 
the White House is using open- 
source blogging software, Dru- 
pal, on its official website. I 



New Windows 
Forms chart 
varieties come 
from GrapeCity 

BY DAVID WORTHINGTON 

.NET tool maker GrapeCity is 
releasing a new version of Far- 
Point Spread for Windows 
Forms that offers new chart 
varieties and expanded design 
capabilities. 

FarPoint Spread for Win- 
dows Forms 5 is a single com- 
ponent that combines the func- 
tionality of charting, grids and 
spreadsheets. It was released in 
December. 

This release includes a chart 
with 85 different styles. Devel- 
opers use a built-in tool to 
design charts that are integrat- 
ed into the form; FarPoint then 
generates the code and objects, 
said GrapeCity director of 
product marketing Donald 
Williamson. 

The FarPoint designer now 
offers an interface that resem- 
bles the Microsoft Office Excel 

2007 ribbon. Its new features 
include support for designing 
charts, as well as lossless editing 
of Excel documents. 

"In the past, Excel features 
that were not supported were 
thrown away. [Developers] 
made changes and saved Excel 
documents back out, and those 
things were gone," said Sean 
Lawyer, product manager of 
Spread for Windows Forms at 
GrapeCity. FarPoint 5.0 pre- 
serves Excel files and restores 
functionality that it does not 
support (such as pivot tables 
and custom VBA code) when 
files exit the component, he 
explained. 

The designer also has a new 
wizard that is intended to save 
developers time during com- 
mon use cases, such as binding 
a control to a Microsoft SQL 
Server database. "We step you 
through the process of doing 
that, and even create the data 
source for you," Lawyer said. 

Full pricing for FarPoint 
Spread for Windows Forms 5 is 
US$999 per developer, and 
upgrades cost $599 per devel- 
oper. Customers now have the 
option to purchase site licenses 
as well. 

It works with Visual Studio 

2008 and will support the 
upcoming release of Visual Stu- 
dio 2010. I 
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Software providers are tweaking their tool sets to help businesses 
get a handle on faster iterations and increased collaboration 



BY JEFF FEINMAN 



JM gile development is spreading like 
^WU wildfire through the ranks of 
^^^^H£ development teams, and applica- 
J^^^^^Jtion life-cycle management soft- 
JK ™ ware providers are taking notice. 
j With the industry's focus on faster product 
releases, organizations are adopting the just-in- 
time mentality and greater collaboration that 
agile brings. As a result, many ALM companies 
tweaking their software with features 
such as agile templates and user story 
management to meet these 

demands. 

ALM is moving more toward 

universal interface for 

project management, 

and mov- 




ing away from individual pieces of management 
software that were the norm in traditional devel- 
opment environments, where projects could last 
anywhere from 18 to 24 months. 

To track these long projects, there would usu- 
ally be three different repositories for storing 
requirements, tests and defects. Singular pieces 
of software were created to manage each differ- 
ent life-cycle task. Teams would then usually 
glue a project manager, such as Microsoft Pro- 
ject, onto the cycle for reporting, but it wasn't 
common for people in different roles, such as 
QA testers and coders, to stay informed on what 
each person was working on during a project. 

"Projects were long, so we could afford to 
manage requirements, test and defects with 
separate tools," said Richard Leavitt, executive 
vice president of worldwide marketing for Ral- 
ly Software, who has held positions with com- 
panies such as Hewlett-Packard, IBM Rational 
and Serena Software in the past. "However, 
these things were highly disconnected from 
each other. We'd have legions of people trying 
to stitch together status reports." 

HP's Mark Sarbiewski, senior director of 
product marketing, referred to the waterfall 
method as "very much command-and-control, 
with these discrete phases. It's not like you 
couldn't be successful in that, but it wasn't right 
for all types of projects for sure." 

TIDE TURNS TOWARD AGILE 

However, with the rise of agile development 
methodologies, the development cycle has 
shrunk dramatically. Teams might have a three- 
month release divided up into six iterations, 
rather than the 18-month projects of the past. 
The roles of professionals involved in different 
aspects of the life cycle are changing as well, as 
developers carry out test-driven development 
and adopt a planning-on-the-go approach. 

As part of these shifting roles, barriers 
between developers and QA are disappearing. 
A QA tester, for instance, can kick off a build 
because he needs to test a bug fix that the engi- 
neer built. An engineer can check in code and 
run tests based on the code he or she changed. 
continued on page 24 ► 
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Software providers are tweaking their tools 



< continued from page 23 

The tasks of builders, QA 
testers and other ALM contrib- 
utors are beginning to cross- 
pollinate as project manage- 
ment becomes more accessible. 
"From the very beginning of 



a sprint planning session, 
there's a member of QA sitting 
in the meeting room," said 
Paula Rome, Seapine's director 
of product management. "In 
the waterfall process, that's not 
always the case. QA doesn't get 



on board until much later in the 
process. With agile, people are 
designing with quality in mind 
at the beginning." 

Tools are evolving as well. 
Agile calls for a "centralized 
cockpit" to manage the various 



life-cycle stages from one con- 
sole, according to Victoria Grig- 
gs, senior director of product 
marketing for CollabNet. This 
one main project manager 
allows everyone on a team to 
stay updated on what their 




Today's hackers are hoping that you don't. You must be inventive 
in devising ways to help your application deter against threats. 
(ISC) 2 ® is focusing on ensuring software is built securely with 
the Certified Secure Software Lifecycle Professional 

(CSSLP®). Learn how to implement security measures within 
each phase of the software lifecycle by attending a CSSLP 
Education Program available worldwide, then prove your 
knowledge with the CSSLP exam and become an (ISC) 2 member. 
Mother Nature gives every member of animal kingdom ways to 
protect itself. We can learn a lot from her. 




cohorts are working on, and it 
minimizes manual handoff 
between developers, testers 
and other professionals. 

"In the classic waterfall 
approach, those types of hand- 
offs were happening at every 
iteration," Griggs explained. 
"There's no longer the luxury of 
being able to track the require- 
ments you're storing in one sys- 
tem. There's an overwhelming 
need to have the type of cockpit 
that has a view into other sys- 
tems that might still be run- 
ning." 

Scott Ambler, IBM's practice 
leader of agile development, 
agreed that agile environments 
necessitate one main project 
management piece of software. 
Individual tools to manage 
requirements and testing are 
still used today, but Ambler said 
they don't get the job done in 
complex environments. 

"What you find is that point- 
specific tools, which are very 
good by themselves, struggle to 
get the job done in totality," he 
said. "You end up doing a lot of 
extra work because there will 
be traceability problems and 
defects being injected." 

Rally's Leavitt added that 
with agile development, the 
amount of project details that 
developers have to manage is 
"microscopic" because cycles 
are much shorter compared to 
what was the case in the past. 
Software that was managing 
thousands of pieces of inventory 
in traditional software methods, 
such as defects and other project 
artifacts, is now managing mere- 
ly dozens, so the purpose of the 
tooling changed a lot, he said. 

"Agile development also 
involves scheduling that direct- 
ly ties to the requirements, and 
defects and testing will be tied 
to scheduling," Leavitt said. 
"Tools need to be integrated. 
There will be a common inter- 
face, and there will be visibility 
about the status of all inventory 
items. Everyone involved in 
requirements, defects and test 
knows about each other. That's 
a dramatic change." 

Even if a team isn't com- 
pletely submersed into agile 
development (which is the case 
for many organizations, accord- 
ing to several ALM providers), 
they still may be looking to 
make parts of their process 
more agile. Anders Wallgren, 
CTO of Electric Cloud, noted 
that one possible hindrance to 
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to get a handle on faster iterations 



agile adoption for some devel- 
opers and organizations is that 
they are much more willing to 
bring in a new tool than bring in 
a whole new process. 

"If I hear about this thing 
called agile, I'll say, 'Well, 
where do I buy the agile soft- 
ware package?' And it's a little 
more difficult to get people to 
change their processes," Wall- 
gren said. "There's politics 
involved and the normal human 
drama of change. But once the 
tools start to appear that we're 
using to make ourselves more 
agile, I think the transition from 
one team to another will help 
people make that change." 

Some companies might not 
move to agile because they're 
working on projects that are 
more appropriate for a tradition- 
al waterfall method, such as pro- 
jects that involve government 
regulation. Jeff Johnstone, 
senior director of sales with 
TechExcel, said organizations 
designing software systems for 
something like nuclear power 
plants spend many months 
defining requirements and get- 
ting government approval on 
those requirements. 

"Typically, they are compa- 
nies that are producing prod- 
ucts or systems that need to be 
extremely well-defined up front 
because of regulations," John- 
stone said. "Regulated indus- 
tries oftentimes need to have 
waterfall. They usually have to 
prove that what they deliver 
actually matches what was laid 
out at the requirement level, 
and they have to show that 
those requirements haven't 
changed, or show what those 
changes were." 

However, believing that reg- 
ulatory industries must only use 
the waterfall method is a "false 
assumption," according to 
IBM's Ambler. Ambler talked 
about a project he was brought 
in to assess around software 
being created to support a new 
drug. The software was being 
created to keep an eye on the 
clinical trial and to process data, 
and Ambler said they had suc- 
cess doing agile with a project 
involving relatively complex 
regulations. 

"The development team was 
doing agile, working in short 
iterations and working side-by- 
side with business stakehold- 
ers," Ambler said. "Being in a 
difficult or uncomfortable situ- 
ation isn't an excuse not to be 



gile: 

ALM TAKES ACTION 

So as agile methodologies short- 
en release cycles and pull back 
the curtains separating QA 
testers, developers and other 



members of a development 
team, ALM providers are mak- 
ing sure their software is catering 
to this more open collaboration. 
CollabNet's Griggs said it is 
important for ALM providers to 
remember they're providing an 



ALM platform, not an agile 
point tool. However, that ALM 
platform needs to be able to 
provide "world-class agile" 
while also being supportive of 
other methodologies. 

What has driven the last sev- 



eral revisions of Electric Cloud's 
ElectricCommander in terms of 
adapting to agile development is 
the need to be able to integrate 
any tool, any platform and any 
geography into one system. 

"We've developed Electric- 
Commander to allow you to 
integrate basically anything on 
continued on page 26 ► 
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the backend very easily," said Mike 
Maciag, CEO of Electric Cloud. "Plat- 
forms have gone from a system under 
your desk to virtual environments, cloud 
environments and embedded platforms. 
So the system has had to evolve to sup- 
port any platform." 

Executives of Elementool, a software- 
as-a-service project management compa- 
ny, said the company's software-as-a-ser- 
vice model allows it to update tools more 
easily to better cater to agile develop- 
ment. Yaron Sinai, CEO and founder of 
Elementool, said the company will soon 
improve reporting functions and let 
developers customize their welcome page 
to view only the information they need. 

"All Elementool ALM tools are inte- 
grated, so the development teams can 
easily switch back and forth, linking 
detailed notes and generating reports 
across tasks like issue tracking and test 
cases," Sinai said. "Beefing up history 
trails and integrated forums has let users 
hand off tasks easily from one developer 
to another as assignments change." 

HP offers the Agile Accelerator, 
which was built as an agile project man- 
ager within HP Quality Center suite. 
Agile Accelerator has pre-built agile user 
roles, along with agile process workflows 
and configurations. It also facilitates 



agile reporting so developers can track 
the performance of each iteration. 

"When user requirements are 
mapped out, people walk through the 
process with Agile Accelerator," HP's Sar- 
biewski said. "That automatically triggers 
the set of tests that need to be built and 
specified. Those tests are linked to these 
user stories and requirements. When the 
tests are executed, the system obviously 
records that and defects are found, and it 
all links together." 

IBM's Ambler said the Jazz platform 
has been his company's response to 
changes induced by agile development 
in ALM. The Jazz platform lets everyone 
work from the same repository. For 
instance, a requirements analyst can use 
Rational Requirements Composer to 
view requirements and user stories, and 
programmers using Rational Team Pro- 
ject could pick that information up, 
Ambler explained. 

"In agile, you require software that 
allows you to automate as much of the 
status reporting as possible," Ambler 
said. "As an individual on the team, I 
need to know what the team is up to, but 
I need to know my work for this iteration 
and the dependencies around it. Jazz 
can show you who on the team is cur- 
rently available, which can be good for 
distributed teams." 
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tweaking their tools for faster iterations 



MKS, meanwhile, has a 
process-agnostic approach, and 
it doesn't focus on attempting to 
"implement a given methodolo- 
gy for methodology's sake," 
according to John Cull, vice 
president of customer solutions. 
Cull said that MKS Integrity 
offers an agile framework 
because it is customizable to the 
project or application at hand, 
but MKS hasn't made any fun- 
damental product changes 
because of agile. 

"The impetus isn't on agile 
itself," Cull said. "There's been 
a number of other methodolo- 
gies prior to agile that allow you 
to get to market fast. Agile is 
certainly the hottest buzzword 
right now, but there have been 
many methodologies that have 
preceded it." 

Rally, which was formed in 
2002, started up with recogni- 
tion that inventory manage- 
ment software from the 1980s 
and 1990s were "completely 
inadequate for operating at a 
much faster pace," said Leavitt. 
So when creating products, the 
company made sure require- 
ments, test and defects were 
connected tightly to planning 
and tracking. 

"Operating at this pace 
changes everything," he said. "If 
you talk to vendors of version 
control software or build envi- 
ronments, you'll hear this also. I 
grew up on some teams where 
building your software took all 
weekend long, but now you can 
do several builds a day. Unit tests 
used to take weeks, but now if it 
takes more than a few minutes, 
people will get frustrated." 

Seapine's Paula Rome said 
that Seapine makes sure that 
the products it provides are 
consistent with the terminology 
of agile development. She said 
people need to get comfortable 
with terminology like "user sto- 
ry" and "sprint," and Seapine 
has to ensure it is using the 
same language as the user. 

"If you're not calling some- 
thing the same thing as your tool, 
there's some cognitive disso- 
nance," Rome said. "Being able 
to call things with the names you 
use locally helps speed adoption 
and reduces some confusion." 

TechExcel's DevSpec links 
requirements to a sprint, and as 
developers do their review at 
the end of the first sprint, they 
have a better idea of what that 
product is going to be, accord- 
ing to Johnstone. Every time a 



requirement is revised in 
DevSpec, everyone on a team 
can see what revisions happen 
and keep abreast of the current 
state of the requirement. 

Much like Rally, Thought- 
Works Studios bases its ALM 



philosophy around agile with its 
Mingle agile project manager, 
which has drag-and-drop virtu- 
al card walls where team mem- 
bers can write notes to one 
another, along with wikis and e- 
mail alerts. 



Agile development has set 
itself deep into the conscious- 
ness of development teams all 
over the world, and many of the 
company representatives inter- 
viewed for this story confident- 
ly said that 100% of their cus- 



tomers are at least thinking 
about adopting agile practices. 

"You may not buy into the 
whole enchilada," said Electric 
Cloud's Wallgren. "You might 
pick and choose some of the 
practices that make sense for 
you as an organization or team. 
But the awareness has defi- 
nitely spiked in the last couple 
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FROM THE EDITORS 

Coming together over agile 

The growth of agile development practices has turned the software 
development life cycle on its ear. 

As the special report in this issue spells out, the way requirements are 
gathered has changed. In agile shops, no longer do business analysts 
spend months working with the customer to develop a huge require- 
ments document that can only be changed at great cost. Agile processes 
demand that practitioners accept, even embrace, changing requirements 
throughout the project's life. 

The way testing is done has changed. No longer do QA teams wait for 
a completed project to run their tests, when finding defects is most cost- 
ly. Programmers working in agile environments are using tests to drive 
development, performing unit tests and functional tests as they go. 

The way code is built has changed. No longer are overnight batches 
run so that development teams must spend half their morning decipher- 
ing build reports. Continuous integration has become the coin of the 
agile realm. 

Even the way code is written has changed. Developers are working 
more collaboratively than ever — even those separated by great geo- 
graphic distances — to produce working code under shorter iterations. 

Yet for years, we've been chronicling the disconnect between what 
developers say they need and what tool makers are selling. This time, it 
seems, the tool makers are getting it right. Many tool suites now include 
critical project management components for tracking work and assets, as 
well as "social" tools such as wikis, profiles and messaging. Testing and 
build tools are evolving to meet the needs of developers now producing 
pieces of projects that must work together with the whole, and be 
changed as needed without breaking the software. 

The response by software tool providers to this changing development 
landscape will push the adoption of better development practices even 
further, and that's a win for all concerned. 



+ 



1 for binary XML format 



We're pleased to see that Efficient XML Interchange has reached an 
important milestone. As XMI becomes a W3C Candidate Recom- 
mendation, let's pause and look back at the evolution of the Extensible 
Markup Language. 

XML's roots go back to SGML, the Standard Generalized Markup 
Language. HTML is one derivative or subset of SGML; XML is anoth- 
er. In its early days, it was important for XML documents to be human- 
readable. Encoded with easy-to-understand tags, XML documents could 
be proofread and understood both by people and parsers. 

But then XML documents began to grow. And grow. As they became 
more complex, those super-verbose documents became incomprehensi- 
ble to humans and more difficult to parse. XML files also became big 
enough as to require significant bandwidth for transmission — a trivial 
matter on local-area networks, a minor concern for broadband wide-area 
networks and the Internet, and a major problem for mobile devices. 

Binary file formats were the obvious solution to this growing prob- 
lem. Binary files are smaller and require less bandwidth and storage 
space. If correctly constructed, they could be easier to parse than stan- 
dard XML as well. A binary file's inability to be directly interpreted by 
humans wasn't a significant issue, but the possibility for the imposition 
of proprietary extensions or encodings could be catastrophic by sub- 
verting the openness of XML. 

SD Times has always been opposed to binary XML formats presented 
by vendors or vendor consortia. To be acceptable, binary XML had to be 
based on legitimate open standards. While XMI is derived from a ven- 
dor-proposed binary format (AgileDelta's Efficient XML format), the 
W3C is creating a truly open standard that offers significant advantages 
over plain-text XML. XMI is a good move for our increasingly mobile 
universe and an excellent step forward in the evolution of XML. I 



All the Web's an API 



Mark O'Neill 



Software development for the cloud 
often involves coding against Plat- 
form as a Service (PaaS) services provid- 
ed in the cloud. These PaaS services 
often are provided in tandem with Soft- 
ware as a Service (SaaS) websites, with 
Salesforce's Force.com being a well- 
known example. But how can you lever- 
age these PaaS services without becom- 
ing tripped up by security and 
service management? 

The idea of using Web- 
based APIs is not a new one. In 
the past, we would have thought of it as 
screen-scraping a website. This was the 
enabling technology behind early sites for 
comparing airline prices from multiple 
airline sites, or combining search results 
from multiple search engines. 

The problem with screen-scraping is 
that website owners didn't necessarily 
want their sites turning into an API. They 
didn't want their data to be harvested, so 
they tried to stop it. However, early mea- 
sures, such as limiting access by client IP 
address, were easily defeated by tools. 

Another issue is that screen-scraping 
is brittle; a small change in the site's look 
or feel could break the data access meth- 
ods. That's where the concept of the 
managed Web API was born. 

Web APIs would allow developers to 
write code to access a website program- 
matically, using HTTP GETs and para- 
meters within query strings, but in a man- 
aged manner that benefits both the client 
and the service provider. For the client, a 
standard interface enables applications to 
be written to a well-defined interface, 
safe in the knowledge that the API will 
not change unpredictably. For the 
provider, management of the API 
through rate limiting puts a virtual "cir- 
cuit breaker" on the API usage, prevent- 
ing overuse by a single client. 

Web APIs are PaaS services that 
allow a developer to use the Web as a 
platform, creating an application from 
pieces of functionality source d from the 
cloud. Service providers can monetize 
their services by putting a usage and 
pricing model into place. 

The convention for managing Web 
APIs is to use an API key. Developers are 
given an API key (or in the case of Ama- 
zon, two keys), which are used for the 
identification and authentication of 
requests sent to the Web API. Sites pro- 
viding APIs also provide snippets of code 
in various languages (such as PHP, Java or 
C#) that let developers use the keys. 

This code handles the creation of a 
keyed-Hash Message Authentication 
Code (HMAC), which accompanies the 
request to the Web API. The HMAC 
serves two purposes: ensuring the 
integrity of the request to the Web API 
(ensuring the request has not been tam- 
pered with), and ensuring the authenti- 
cation of the client sending the request. 



Guest View 



Authentication, therefore, is based on 
proof of possession of the API key. 

Amazon has a different model in that 
it provides two keys. Readers familiar 
with Public Key Infrastructure (PKI) 
may assume that these two keys are pub- 
lic and private keys that are linked 
together as an asymmetric key pair. 
However, they are not public and private 
keys in the sense of RSA or 
DSA algorithms. 

One key, called the Access 
Key ID, is used as an identifi- 
er, identifying the party that is accessing 
the Amazon service. It is similar in con- 
cept to a username, and it may be sent in 
unencrypted requests. Indeed, when the 
Amazon S3 cloud service is used for 
online storage, the Access Key ID forms 
part of the URL and may be recorded by 
Web infrastructure between the client 
and Amazon. Its main purpose is for iden- 
tification, not authentication. 

In Amazon's model, the second 
Secret Access Key is used for message 
authentication. It is used to create a 
spell-out word (HMAC), which provides 
proof of possession of the Secret Access 
Key. The Secret Access Key can be 
thought of as a shared secret between 
Amazon.com and the developer who is 
using Amazon resources. By using the 
Secret Access Key to create the HMAC, 
the developer proves that they have 
access to the shared secret, and there- 
fore has proof of possession. 

Because usage of the cloud services is 
billed to the developer, it is vital that the 
Secret Access Key does not fall into the 
wrong hands. Otherwise, a large bill may 
be run up. If a developer suspects that a 
Secret Access Key has been accessed by 
a third party, a new Secret Access Key 
can be generated online. 

On the face of it, it seems easy to cre- 
ate a Web API out of an existing website. 
A developer may look at the single API 
Key model, or even Amazon's more 
complex two-key model, and think, "I 
could do that." This is potentially a 
recipe for disaster. Let's examine why. . . 

Unless developers have security 
experience, they should be wary of 
rolling their own API Key-based man- 
agement system for their Web API. 
Consider replay attacks for example. If a 
request has a valid HMAC and is prop- 
erly formatted, it is let through. 

But what if the exact same request is 
received a second time from a different 
sender. Will it also be let through? This 
second request may be a request record- 
ed by a traffic sniffer running on a rogue 
wireless access point. Because API Key 
models do not use the back-and-forth 
handshaking of an authentication proto- 
col such as SSL-based authentication, 
they are particularly vulnerable to replay 
attacks if not implemented carefully. 

The important aspect is to include 
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unique data in the HMAC that will 
change for each request, such as a time- 
stamp. In that case, a message received 
with exactly the same timestamp will be 
under suspicion as a replay attack, and will 
be blocked. The client should then be 
notified regarding the unused key. In 
essence, blocking replay attacks puts extra 
work on the developer of the Web API. 

Additionally, if a user loses an API Key, 
it is up to the service provider to issue a 
new key. Ideally this should be provided 
as an online service. However, this means 
yet another identifier (such as a password) 
in order to identity the client. Before a 
developer knows it, they are building a 
full identity management system. 

Throttling is another aspect of Web 
API management that is easier said than 
done. It is performed in order to limit 
users to usage plans. Throttling is partic- 
ularly important for the freemium mod- 
el, which calls for general usage to be 
free, but capped at a particular rate. 
When users pay for usage, they are 
allowed higher rates of access. 

The success of the freemium model 
requires an enforcement point in place 
allowing for different rate plans. While 
doing this, it must not be vulnerable to 
denial-of-service. Additionally, when 
usage limits must be tracked across a 
bank of servers, management and moni- 
toring can quickly become complex. 

Developers may choose to imple- 
ment their own API Key model, enforce 
throttling, block replay attacks, and issue 
new keys to users whose keys are com- 
promised. If the service is being offered 
commercially, then service management 
must include the creation, modification 
and management of standard usage 
plans, each with different features sets, 
limits and pricing rules. 

By taking this approach, the developer 
may end up spending more time manag- 
ing the delivery of the service versus cre- 
ating the service itself. Rather than rein- 
venting service management, one possible 
solution to this problem is to leverage an 
off-the-shelf technology to manage APIs. 
Technology for managing Web service 
usage has existed for many years, and has 
been proven in high-volume deployments 
that are in the line of fire of production 
usage on a constant basis. This can be a 
much better option than trying to rein- 
vent service management and potentially 
running into security issues. 

API Keys are now established as the 
standard mechanism to manage Web 
APIs available in the cloud. However, 
management of these Web APIs is not as 
straightforward as it seems, and can 
quickly tie up a lot of development time. 
This time would be better spent devel- 
oping the service itself. By leveraging 
existing service management infrastruc- 
ture, a full-featured Web API service 
delivery platform can be more efficient- 
ly deployed. I 

Mark O'Neill is CTO of Vordel, which 
sells products to manage cloud computing. 



A decade of change since Y2K 



Zelchlck's Take 




Its been just about 10 years since the 
first digit of the calendar changed 
from a "1" to a "2." For those of us in the 
computer industry, change happened at 
a dizzying pace over the past decade — as 
it has for every decade since the 1950s. 
Think about the technologies that 
you rely upon today. You may be aston- 
ished to realize how few of 
them existed a mere 10 years 
ago, and those that existed 
were substantially different. 

• Check your pocket, belt or 
pocketbook. Do you see a 
smartphone? Ten years ago, if 
you had a mobile phone, it was 
pretty dumb. The current 
incarnation of the RIM Black- 
Berry came out in 2002, and 
Apple s iPhone was announced 
in 2007. Even the Motorola RAZR, a 
very popular non-smart phone, only 
came out in 2004. In 2000, I owned a 
Nokia stickphone. 

• A decade ago, open-source software 
looked very different. No Eclipse, no 
NetBeans. While the Apache Software 
Foundation was formed in 1999, the 
Apache HTTP server project started 15 
years ago in 1994. If you were a software 
developer using open-source software 
10 years ago, chances are that it came 
from the Free Software Foundation. 

• Microsoft's Visual Studio IDE was 
pretty new, having appeared in 1997 as a 
combination of Visual Basic 5.0, Visual 
C++ 5.0 and Visual J++ 1.1. Until that 
time, few people used a multi-language 
integrated development environment. 

• Speaking of Microsoft, if you had a 
desktop computer, it was probably run- 
ning Windows 98 or Windows 2000. If 
you were targeting Microsoft with your 
apps, COM was your friend and you 
were writing in C++ or Visual Basic. The 
.NET system, including C#, didn't 
appear until 2002 or later. 

• Or would you like some Java? The pro- 



ject began at Sun in 1990, and a decade 
ago we were using Java 2 Standard Edi- 
tion 1.2 and the brand-new HotSpot 
JVM. The Java Community Process only 
started two years earlier, in 1998. 

• If you're a Mac fan, the Macintosh in 
2000 was a Bondi Blue iMac G3, an 
iBook G3 or a PowerMac G4. The first 

incarnation of Mac OS X didn't 
appear until late 2000. Intel 
processors didn't show up on 
Macintosh until 2006. 
• The Internet looked very dif- 
ferent in 2000. No Facebook or 
Twitter, of course. No Cloud. 
Google, founded in 1998, was 
an up-and-coming search 
engine. The big worry was that 
Microsoft would dominate the 
Internet through its Internet 
Explorer 5 browser, which had pretty 
much destroyed Netscape Navigator. 
The Mozilla project had just launched, 
but Fire fox didn't appear until 2004. 

• Also new was XML, which was started 
in 1996 by Tim Bray and a host of others. 
We had no Web services, no SOAP, no 
REST, no RSS. If you were grabbing 
data from the World Wide Web, you 
were screen-scraping. 

• Scripting languages were JavaScript, 
Perl, Python, PHP and a few others. 
Mainstream developers saw scripting 
languages as a way to add some automa- 
tion to Web pages, and also to simplify 
some back-end development. Real pro- 
grammers, though, still programmed in 
C++ (or maybe Java). 

What do you see as the most signifi- 
cant changes in the computing land- 
scape — and in software development — 
over the past 10 years? Write me at 
feedback@bzmedia.com. I 

Alan Zeichick is editorial director of SD 
Times. Follow him on Twitter at twit- 
ter. coml zeichick. Read his hlog at 
ztrek. hlogspot. com. 



A look at RIA adoption DATA WATCH 

Adoption of Adobe Flash continues to remain the highest among three popular rich Inter- 
net application platforms, according to Internet usage statistic site StatOwl.com. 
Microsoft Silverlight is gaining on a monthly basis, while Java, described by StatOwl as 
penetration of the general Java Virtual Machine (JVM), is up and down: 
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Five predictions for the next decade 



Manycore Tsunami: You cannot 
develop software for manycore 
using todays mainstream concurrency 
models. I know I sound like a broken 
record on this, but too many people have 
stuck their heads in the sand and are 
willfully ignoring an enormous problem. 
Writing manycore programs is going to 
be the hardest technical challenge in 
your career: harder than understanding 
object-oriented or functional program- 
ming, harder than browser incompatibil- 
ities, harder than tracking down memo- 
ry leaks in a C program. 

Declarative Tier-Splitting: From 
the mind that brought you LINQ comes 
declarative tier-splitting, in which you 
write all your code for a Web application 
in a single location and use attributes to 
let the compiler know "this needs to run 
in the browser, that needs to run on the 
server." Erik Meijer's Volta, Microsoft's 
first foray into declarative tier-splitting, 
has gone dark, but the concept is being 
kicked around by some open-source 
developers, and I strongly suspect that 
Volta is being reworked and evolved 
rather than being abandoned. 

You can never make the network 
invisible, but we have to move beyond 
the current nonsense in which one lan- 
guage and library must be mastered to 



manipulate and validate the view, and 
another language and library must be 
used on the server-side, often re-imple- 
menting the exact same validation work 
(since, of course, one can never trust 
client-side input). Even if JavaScript 
becomes a major server-side language, 
declarative tier-splitting would allow for 
better duplication, cleaner 
code and easier development. 

JavaScript Becomes C: 
JavaScript will become more 
than an order of magnitude 
faster, will drive many appli- 
cations, and will even gain 
strength as a viable server- 
side language. That's the easy 
prediction; JavaScript perfor- 
mance is a major battle- 
ground in the re-emerged 
browser wars. 

While JavaScript is not a language 
that inspires rapturous love, it's service- 
able enough. It lacks a concurrency 
model, but at least it doesn't have a bro- 
ken one. And its variable scoping rules 
are not to my taste, but the new "strict 
mode" of the recently published 
ECMAScript 5 spec will help. 

Most importantly, JavaScript is the 
only language that can be counted upon 
in any browser, now and as far into the 
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future as anyone can predict. In these 
ways, the language that JavaScript most 
resembles is C. There are, and will con- 
tinue to be, tens of thousands of devel- 
opers working in C (with hundreds of 
different compilers, by the way). I've 
long said that learning C is the single 
smartest thing you can do for your pro- 
gramming resume; from now 
on, mastery of JavaScript will 
be equally foundational. 

Multicore Smartphones 
with Managed Runtimes: 
If you think this is a trivial 
prediction, consider that 
right now the iPhone 3GS is 
| actually deliberately under- 
clocked to preserve battery 
life (the 3GS runs an 
833MHz-rated Samsung 
S5PC100 at 600MHz). I do not antici- 
pate a breakthrough in battery technolo- 
gy, and people are only going to expect 
to push more and more media pixels 
through their phones (hey, is it too late 
to coin the term "vexting" for transmit- 
ting short videos?). Yet pockets are only 
so big. I'm not a hardware guy, so I won't 
Moore's Law this and Amdahl's Law 
that. Instead, I'll just say that I expect 
consumer demand to trump hardware 
difficulty. 



As to the "managed" aspect, there's 
no going back from the iPhone's App 
Store: Mobile development is only going 
to become more and more important for 
developers. "Available on a smartphone" 
is a low-priority wishlist item for most 
business applications today, but it won't 
remain low-priority for long. 

Well before the end of the decade, 
mobile development will be as main- 
stream as Web development is today, and 
platform manufacturers like Microsoft 
will have no choice to fully align mobile, 
Web and native development. 

No Silver Bullets: I don't think any- 
one will pass Fred Brooks' benchmark of 
"a single development, in either technol- 
ogy or in management technique, that 
by itself promises even one order-of- 
magnitude improvement in productivi- 
ty." It is just too great a threshold, and 
Brooks was right in identifying the con- 
ception, not the implementation, as the 
essential challenge of development. 

But I am sure that the incremental 
development of great tools and tech- 
niques will deliver that order-of-magni- 
tude improvement over the course of 
the decade. And I am sure that the task 
of software development will become 
ever more enjoyable and satisfying. 
That, too, is part of its essence. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer Read his hlog at 
www. knowing, net. 



Implementing functional TDD 



In my previous column, I discussed 
functional TDD, which is a form of 
TDD I am cottoning to. The basic dif- 
ference when compared with unit test- 
based TDD is that the functional test 
serves as the driver of code. I write a 
failing functional test that defines my 
next coding effort. When the test pass- 
es, I either write another, or, more 
often, I'll write unit tests to exercise 
edge conditions on the code I've just 
created. This approach confers many of 
the same benefits as traditional TDD, 
while mitigating some of its shortcom- 
ings. I discussed some of these in the 
previous column and promised I'd dis- 
cuss the tools I use here. 

I write functional tests in the two fun- 
damental coding scenarios: prior to writ- 
ing new code, and when maintaining 
existing code. Because I code primarily 
in Java, I'll look at the tools that work 
with it. 

When fixing defective code, I repro- 
duce the problem using Groovy as a 
scripting language. Groovy scripts are 
easy to hack together quickly, and the 
syntax is close enough to Java that its 
use is not an obstacle to other develop- 
ers on the team. They can understand 
the tests easily. I try to reproduce the 
defect at the highest level possible. An 
ideal result is running the entire appli- 



cation and causing the error to show. 
Then, I'm really testing how the solu- 
tion I propose works with the various 
computational units it deals with in 
deployment, rather than testing it in 
isolation. 

These functional tests go into a 
regression suite, and the entire suite is 
run before the defect is closed to make 
sure all is copasetic. Once 
the functional test passes, I 
look for edge conditions and 
code that was insufficiently 
tested. And for items, I write 
either additional functional 
tests or, more commonly, 
unit tests. The choice 
depends on the locus and 
scope of the tests. 

When it comes to writing 
new code, I rely on tools nor- 
mally associated with behavior-driven 
development (BDD). This approach 
favors writing code scenarios from 
requirements in the form of tests, 
and then implementing the scenarios 
in code. Typically, the scenarios have 
the form of: given X and Y, when A 
occurs, B should result. The frame- 
work then sets up X and Y, does A, and 
tests for B. 

There are two BDD frameworks 
that I know of that do this well in the 
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Java universe: easyb, which won a Jolt 
award last year, and J Behave. Many 
BDD-oriented frameworks are appear- 
ing for other languages, including 
Cucumber, RSpec and ScalaTest, and 
they're gaining popularity. 

The scenario-based approach of 
BDD does not inherently define the 
scope of tests. It can be used at a high 
level where the test incarnates 
the project requirements. In 
theory, if all scenarios pass, 
the project is complete. They 
can also dip down to unit and 
sub-unit levels. 

The JUnit style of testing 
with set-ups and tear-downs 
and frequent setting of 
mocks to create an environ- 
ment where a specific condi- 
tion can be tested is not that 
different from a "given X, given Y" sce- 
nario. For my purposes, I use BDD for 
a level that falls between these two end- 
points: something greater than a unit 
but less than the full program, which 
(crucially!) articulates a scenario the 
user would recognize. I attempt to stay 
above implementation details in the 
scenarios. 

The benefit of all this is that unit 
tests return to their original role: test- 
ing the workings of units. And func- 



tional tests continue with their mission 
of testing the functionality of larger 
groups of units. I rarely have the expe- 
rience I used to occasionally have in 
the past, which consisted of writing 
numerous unit tests, which passed suc- 
cessfully even though the resulting 
functionality did not work correctly. 
Now, both the functionality and imple- 
mentation details are tested together 
and work in concert to deliver the user 
requirements. 

This approach fixes one of the 
byproducts of TDD, which is 
inescapable: The investment in large 
numbers of unit tests creates an obstacle 
to change. TDD exponents tend to 
understate this effect by pointing out 
that all those unit tests are excellent at 
enabling change by letting developers 
refactor code with confidence. 

Refactor, sure; change, not so much. 
By having suites of both functional and 
unit tests, I can make large changes, 
and my functional tests should still 
work. In fact, I posit that functional 
tests make better characterization tests 
than do unit tests. I can tell right off 
whether I've unhinged functionality 
that I promised the user. 

That's my first concern. Later, I can 
resolve the matter of writing new unit 
tests to lock down the edge cases. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his hlog at 
hinstock.hlogspot.com. 
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AFTER MY MANY YEARS OF inter 
viewing software developers of all 
stripes, I have come to a conclusion: You 
all wish you were making games. Sure, 
there are plenty of programmers out 
there who enjoy writing enterprise code, 
and even more that find it a tolerable 
way to spend their working life. But in 
the beginning, it seems to me that all 
programmers get into development in 
order to write games. 

I know of only one developer I have 
ever met who learned to program 
because his parents gave him nothing but 
a C64 and a C compiler. Other than him, 
however, it would 
seem that all software 
developers remember 
one Christmas or one 
birthday when that 
first computer was 
unwrapped, and that first game they 
played. It's an interesting phenomenon 
and one that artists have long known: 

There's more money in writing jin- 
gles for commercials than in trying to 
make it big as a rock star. And there is 
more money in fixing business transac- 
tion systems then there is in trying to 
write the next big game. — Alex Handy 

AGILE DEVELOPMENT MAY HAVE 

really caught on over the last few years, 
but a couple of executives at Electric 
Cloud note that the concept isn't quite 
new in other industries. 

"We're really behind people who are 
making manufactured goods," said Mike 
Maciag, CEO of Electric Cloud. "This 
whole concept of agile has existed in 
manufacturing for decades. We're just 
catching up to this now. Like agile, just- 
in-time manufacturing is about how to 



cut batch sizes, and the result was having 
lower inventory." 

Anders Wallgren, CTO of Electric 
Cloud, noted the concept of continuous 
process improvement in manufactur- 
ing, which involves constant evaluation 
of processes to improve efficiency. 
Continuous process improvement 
"kind of dovetails nicely with what agile 
wants to do, which is cycling several 
times through the product release 
cycle, and do things, try them, test 
them, improve them, and then release 
them," Wallgren said. — Jeff Feinman 

WIKIPEDIA FOUNDER JIMMY WALES 

recently wrote a Wall Street Journal 
op-ed piece decrying the lack of civility 
in online forums, and he suggested 
ways to remedy this. His suggestions, 
though, will probably fall on disinter- 
ested ears. 

His criticism of rude, obnoxious and 
abusive online behavior is very late in 
the game. When the World Wide Web 
was first kicking around, most people 
communicated fairly anonymously, 
behind pseudonyms and in detached 
message boards. Because they were 
essentially untraceable, it provided a 
shield of anonymity that 
allowed them to get 
away with all kinds of 
outrageous behavior. 

But today this kind 
of behavior is considered 
the norm and the majority 
of Internet users seem to at least toler- 
ate it. 

It looks to me that Mr. Wales is 
underestimating the desire of many 
Internet users to simply let loose online 
without restrictions, for better or worse. 




If he intends to make the Web more civ- 
il, he will probably find himself out- 
gunned here. — Adam LoBelia 

DURING THE HOLIDAYS, I decided to 
make some room in my bookcase for 
newer publications, such as "Hadoop: 
The Definitive Guide" from O'Reilly 
and Yahoo Press, and I came across 
some titles from bygone days. At the 
time, it felt as if they were must-reads. 
Now, they are so antiquated. 

Among the titles: "COM and CORBA 
Side by Side: Architectures, Strategies 
and Implementations." I recall doing an 
interview about five years with a compa- 
ny called Iona Software, which was one of 
the leaders in CORBA software, and 
even then they were saying, "We're not 
talking about CORBA anymore. It's all 
about the enterprise service bus now." 

Then there's "Kylix: The Professional 
Developer's Guide and Reference." I 
don't know of too many developers who 
were working with Kylix back in 2001, 
when this book was published. I can't 
imagine there are any today. 

Finally, I came across "The Road to 
the Unified Software Development 
Process," by Ivar Jacobson. Thumbing 
through it, I re-read about the merger of 
Rational and Objectory, which brought 
together tools and development process- 
es. It was a great success story, but when 
agile development went mainstream, 
developers came to see the Unified 
Process as an 800-pound gorilla. 

It's interesting to follow the advance 
of software development through these 
books. I'm sure that in 10 years, the 
Hadoop book will seem as quaint as 
these other titles do now. 

— David Rubinstein 




business briefs 



StreamLink Software, a provider of nonprofit hosted software 
management systems, has announced US$600,000 in Series A 
funding led by technology startup investment firm North Coast 
Angel Fund. Company executives said the funding complements a 
previous $100,000 grant from the Lorain County Community Col- 
lege Foundation. 

EARNINGS: Oracle reported that second-guarter fiscal 2010 
total revenues were up 4% to US$5.9 billion compared to the same 
guarter last year, while guarterly net income was up 12% to $1.5 
billion on a year-over-year basis. New software license revenues 
were up 2% to $1.7 billion, and operating income was up 10% to 
$2.2 billion compared to the same guarter a year before. Addition- 
ally, the company reported that operating margin was up 200 basis 
points to 37% . . . Progress Software released results for its 
fourth guarter ending Nov. 30, 2009, reporting that revenue for 
the guarter was US$136.8 million, down 2% from $139.4 million in 
the fourth guarter of fiscal 2008. Operating income increased 
204% to $25.8 million from $8.5 million in the fourth guarter of 
fiscal 2008, and net income increased 157% to $16.7 million from 
$6.5 million in the same guarter last year. Diluted earnings per 



share increased 150% to 40 cents from 16 cents in the fourth 
guarter of fiscal 2008, while operating income increased 10% to 
$37.4 million from $34.0 million in the same guarter a year ago 
. . . Red Hat announced total revenue for third-guarter fiscal 2010 
of US$194.3 million, 18% higher than the year-ago period. Operat- 
ing income for the guarter was $19.8 million, a drop from $21 mil- 
lion in the comparable period of the previous year. Net income for 
the guarter was $16.4 million, compared with $24.3 million in the 
year-ago guarter, while operating cash flow totaled $54.1 million, a 
drop from $59.1 million from the year-ago guarter. The numbers 
reflect one-time charges from the settlement of litigation as well 
as an increase of 23% in deferred revenue . . . TIBCO Software 
announced financial results for its fourth guarter ending Nov. 30. 
Total revenue for the fourth guarter of fiscal 2009 was US$195.6 
million, and net income was $31.7 million. This compares to total 
revenue of $185.5 million and net income of $32.3 million report- 
ed for the fourth guarter of fiscal 2008. Additionally, non-GAAP 
operating income for the fourth guarter of fiscal 2009 was $58.3 
million, resulting in a non-GAAP operating margin of 30%. This 
compares to non-GAAP operating income of $54.0 million, or a 
29% non-GAAP operating margin, in the fourth guarter. I 



events Calendar 



Lotusphere 


Jan. 17-21 


Orlando 




IBM 




www.ibm.com/lotus/lotusphere 




Web 3.0 Conf. 


Jan. 26-27 


Santa Clara 




MEDIABISTRO 




www.mediabistro.com/web3 




Macworld 2010 


Feb. 9-13 


San Francisco 




IDG WORLD EXPO 




www.macworldexpo.com 




SPTechCon 2010 


Feb. 10-12 


San Francisco 




BZ MEDIA 




www.sptechcon.com 




PyCon 2010 (Python Conf.)Feb. 17-25 


Atlanta 




PYTHON SOFTWARE FOUNDATION 




us.pycon.org 




Enterprise Software 


March 1-3 


Development Conf. 




San Mateo, Calif. 




BZ MEDIA 




www.go-esdc.com 




RSA Conf. 


March 1-5 


San Francisco 




RSA CONFERENCES 




www.rsaconference.com 




Game Developers Conf. 


March 9-13 


San Francisco 




THINK SERVICES 




www.gdconf.com 




SHARE 


March 14-18 


Seattle 




SHARE 




www.share.org 




Microsoft MIX10 


March 15-17 


Las Vegas 




MICROSOFT 




www.microsoft.com/events/mix 




Cloud Connect 


March 15-18 


Santa Clara 




TECHWEB 




www.cloudconnectevent.com 




TheServerSide 


March 17-19 


Java Symposium 




Las Vegas 




TECHTARGET 




javasymposium.techtarget.com 




EclipseCon 


March 22-25 


Santa Clara 




THE ECLIPSE FOUNDATION 




www.eclipsecon.org/2010 




DevConnections 


March 22-25 


Las Vegas 




PENT0N MEDIA 




www.devconnections.com 




MySQL Conf. and Expo 


April 12-15 


Santa Clara 




O'REILLY MEDIA 




www.mysqlconf.com 




ESC Silicon Valley 


April 26-29 


San Jose 




TECHINSIGHTS 




esc-sv09.techinsightsevents.com 





For a more complete calendar of U.S. software 
development events, see www.sdtimes.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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